Support Centre

Ukraine

Summary

Law: The Law of 1 June 2010 No. 2297-VI on Personal Data Protection (as amended) (only available in Ukrainian here) ('the Personal Data Protection Law')

Regulator: The Ukraine Parliamentary Commissioner for Human Rights ('the Commissioner')

Summary: Data protection in Ukraine is primarily governed by the Personal Data Protection Law, the Constitution of Ukraine, and additional legislation issued by the Commissioner, such as the Sample Order of Personal Data Processing (only available in Ukrainian here). The Personal Data Protection Law provides for data subject rights, obligations for data controllers, and general requirements for the processing of personal information, while the Commissioner's legislative acts address topics such as special risk data and supervision processes. In addition, the Commissioner often conducts audits to ensure compliance with data protection laws, and has notably investigated the electronic health care system.

On 25 October 2022 a draft law on Personal Data Protection (only available in Ukrainian here) was submitted to the Parliament of Ukraine following the rejection of the previous data protection bill from June 2021. The draft law provides, among other things, grounds for the processing of personal, sensitive, as well as biometric information; data subject rights; responsibilities for data controllers and operators, including the adoption of Privacy by Design and requirements for the security of processing and cross border data transfers, as well as the carrying out of Data Protection Impact Assessments.

Insights

The Parliament of Ukraine ('Verkhovna Rada') announced, on 25 October 2022, that it had received a draft data protection law ('the Draft Law')1, following the rejection, on 16 August 2022, of a previous data protection bill. Currently, data protection in Ukraine is governed primarily by Law of 1 June 2010 No. 2297-VI on Personal Data Protection (as amended), enforced by the Ukraine Parliamentary Commissioner for Human Rights. In its explanatory note on the Draft Law2, Verkhovna Rada explained that the revision aims to ensure the protection of personal data in Ukraine and bring it in line with international standards.

This Insight provides an overview of the Draft Law, including key provisions and obligations applicable to the processing of personal data.

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and Ukraine's draft Law on Personal Data Protection (only available in Ukrainian here) (the Draft Law).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Draft Law with the  GDPR.

You can access the latest version of the report here.

Feedback